I know that with PreparedStatements, values automatically get escaped, so a value containing a single quote, for example, won't be a problem. However, I'm currently coding for MySQL, in which PreparedStatements are actually slower than Statements (because there's no native support for them, I guess). Is there a function in JDBC somewhere that automatically escapes a parameter so it can be added to a SQL string as a literal?
Similar question for the byte array of a serialized Java object. Is it possible to insert one using a normal Statement?